Multiple cookies with the same name

Blacksmoke16 · April 15, 2021, 3:00am

So I was working on better supporting Cookies in Athena responses and noticed that the current HTTP::Cookies type doesn’t support cookies with the same name, but different path/domains. This is because the internal hash is only keyed by the cookies name, when it should really be [domain][path][name].

I check to see how other langs handle this:

Python allows it: requests/cookies.py at master · psf/requests · GitHub
Symfony allows it: symfony/ResponseHeaderBag.php at 5.x · symfony/symfony · GitHub
Rails doesn’t support it from what I can tell

I’m not sure how common this is, but would be pretty simple to support so .

Thoughts?

Blacksmoke16 · April 15, 2021, 11:16pm

Ok so I started messing around with an implementation for this and are some aspects that I didn’t think about that are going to make it trickier to implement.

#each method to get an Iterator
- It’s not as simple as like @cookies.each_value anymore. Would probably want to make use of Iterator.chain consisting of an iterator for each [domain][path] hash
#to_h wouldn’t support multiple names
- Technically would be a breaking change as it’ll no longer be a 1D hash
Prob some other stuff I didn’t run into yet.

I’m happy to continue figuring this out and make a PR, but think it would be worth seeing if this is something that is actually wanted first.

straight-shoota · April 16, 2021, 10:56am

I suppose it makes sense. Although actual use cases might be a bit rare. So not 100% sure about that.

Blacksmoke16 · April 16, 2021, 2:32pm

Yea given this hasn’t come up and I don’t really have a use case I’m just going to pause on it for now.

drhuffman12 · April 16, 2021, 6:04pm

Would this apply to testing multiple environments/deployments/url’s … and not wanting the cookies to ‘bleed’ between them?

Blacksmoke16 · April 16, 2021, 7:05pm

It mainly applies to like:

require "http"

cookies = HTTP::Cookies.new

cookies << HTTP::Cookie.new "name", "foo"
cookies << HTTP::Cookie.new "name", "bar", path: "path"

cookies["name"].value # => "bar"

Of which, would end up only setting the 2nd cookie in the browser.

mavu · April 16, 2021, 10:53pm

I find it quite insane that the specification even allows this.

jgaskins · April 18, 2021, 8:00am

It’s actually really great for microservice architectures implemented via layer-7 load balancing (such as an ALB or K8s Ingress resource).

For example, if https://example.com/a and https://example.com/ routed to two different services, allowing multiple cookies to be set with the same name at different paths means that the two services don’t need to coordinate in order to avoid naming collisions.

mavu · April 18, 2021, 9:02am

I think I misread the first post.

I read it as “allows with the same name and same path”

And thats the reason I don’t do software for planes or medical devices

Topic		Replies	Views
Invalid cookie value error in Kemal. How to fix? Help & Support	9	600	June 28, 2021
Athena 0.16.0 News	6	5280	January 13, 2022
RFC: Strict hash keys Community	14	638	September 22, 2020
Creating a JSON API with Athena & Granite News	10	1449	June 10, 2020
Hash to_json sometimes seems to work and sometimes not, why? Help & Support	2	154	February 25, 2023

Multiple cookies with the same name

Related Topics